Yo ho, Yo ho, a Pirate’s Life For Me

By: Matthew Bookspan

Pirates are lurking around your business waiting for you to open an email message and let them have access to your bounty. You believe that having “security systems” in place protects you from these pirates. You probably have a network firewall and antivirus/anti-malware software.

It doesn’t matter. These pirates are familiar with the security systems. They don’t need to waste their time breaking into your firewall. Why? Because one of your employees will open the door for them with an unknowing yet gracious invitation.

Have you ever heard of CryptoLocker or one of its variants? The clever developers of this ransomware primarily attack Microsoft Windows machines by sending an email to one of your employees with an attached file.

If the attached file is opened, this little virus will encrypt every file on the machine and the local network. You can’t access your data until you a) restore from a backup or b) pay the ransom. This payment is usually via Bitcoin, and the decryption key code is sent to you upon receipt of said payment. The ransom is usually less than $1000USD; however, the cost to your business is significant: downtime.

Ok, I’m worried. How do I protect my business from these Pirates?

  • Train your employees not to open attachments from unknown sources
  • Have daily onsite and cloud backups of your data
  • Adopt the Apple Mac platform
  • Reduce your email intake by unsubscribing from extraneous information
  • Leverage social media (Facebook, LinkedIn, Twitter) for the latest information

As you can imagine, the real cost of these attacks is not in the ransom fee. It is the cost of returning your team to normalcy and the downtime endured while your files are decrypted.

For some, merely wiping hard drives and reinstalling the backup is more efficient than paying the ransom and decrypting the files. However, reinstalling the backup to multiple servers could take weeks, and this is time that you don’t have.

If you are the victim of a Pirate attack, the U.S. Computer Emergency Readiness Team recommends the following:

  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.
  • If your computer has not yet been encrypted with the CryptoLocker malware, the tools listed in TA14-150A may be able to remove this malware from your machine.

The sharks at Blacktip do our best to prepare our clients for cyber attacks and help keep the pirates at bay. Whether you are attacked or not, be sure you have a response and recovery plan. Time lost is not acceptable in today’s fast-moving marketplace.